Boundary Security

The industrial Internet of Things (IIoT) offers many new possibilities for creating real value in the next generation of smart connected industrial systems. Much of this value will be achieved by enabling the data generated by the additional connectivity to flow to the places in a system where it is most useful, in order to support new business processes and create new efficiencies. Making this happen will require existing and potentially new parts of a system (different subsystems) to interoperate, share information and coordinate their activities. IIoT systems will need much better alignment between Operational Technology (OT) and Information Technology (IT), and will require secure data connectivity both horizontally between operational subsystems and vertically with backend subsystems in the Cloud.

Vortex Link can be used to enable secure communications at the boundary between subsystems, a fundamental requirement for securing the next generation of IIoT systems. A subsystem can be a network of connected applications running on a LAN (e.g. an edge subsystem), a suite of applications hosted in a Cloud subsystem and accessible over the Internet, or even an individual TCP-enabled device connecting to the Cloud or directly into a LAN subsystem.

Individual subsystems may support different fine-grained security features between endpoints on the same network. However, if data connectivity to that network from an external subsystem is required, the boundary itself becomes a key area of vulnerability, and it must be secured independently of whatever security capabilities exist within the network subsystem.

Vortex Link enables Boundary Security by providing certificate-based authentication between subsystems and of individual devices (e.g. a mobile device using TCP) connecting into a LAN, secure encrypted communications, and access control rules that define the privileges each subsystem or TCP-enabled device has to read or write data.

Boundary Security provided by Vortex Link supports the following use cases:

  • Data connectivity between a LAN subsystem (e.g. edge network) and a Cloud subsystem
  • Data connectivity between two LAN subsystems (e.g. between two edge networks)
  • Data connectivity between a TCP-enabled device and a LAN subsystem
  • Data connectivity between a TCP-enabled device and a Cloud subsystem

Key Security Features include:

  • Mutual certificate based authentication of subsystems (Cloud, edge) and TCP-enabled devices
  • Encrypted communications between subsystems and devices
  • Access control rules based on a subsystem's or device's identity, giving control over the privileges granted to read or write data
  • Access control rules can be defined for all parts of the system (subsystems and devices) and accessed from a centrally hosted location
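The feature list above combines three steps at the boundary: the peer proves its identity with a certificate, the session is encrypted, and the authenticated identity is matched against read/write rules. The following is an added illustration of the last step and is not Vortex Link code: it assumes the gateway has already completed mutual TLS, takes the peer certificate in the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, derives the peer's identity from the certificate subject, and evaluates a default-deny rule set. The identities, topic names and rules are constructed for the example; a real deployment would load the rules from the central store the page mentions.

```python
"""Identity-based read/write access control at a subsystem boundary.

Added example, not Vortex Link code. Mutual TLS is assumed to have
already succeeded, so the gateway holds the peer's certificate and can
use the certificate subject as the peer's identity. Rules are evaluated
first-match, and anything not matched is denied.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Rule:
    identity: str  # certificate commonName of the subsystem or device
    topic: str     # fnmatch-style topic pattern, e.g. "plant/*/telemetry"
    read: bool
    write: bool


# Constructed rule set (hypothetical identities and topics).
RULES = [
    # Cloud analytics may only read telemetry from any plant.
    Rule("cloud-analytics", "plant/*/telemetry", read=True, write=False),
    # The plant 1 edge gateway may read and write everything under plant/1/.
    Rule("edge-gateway-1", "plant/1/*", read=True, write=True),
    # A mobile HMI device may only read plant 1 alarms.
    Rule("mobile-hmi-42", "plant/1/alarms", read=True, write=False),
]

# Constructed peer certificate in the shape returned by getpeercert():
# 'subject' is a tuple of RDNs, each a tuple of (attribute, value) pairs.
CONSTRUCTED_PEERCERT = {
    "subject": (
        (("countryName", "GB"),),
        (("organizationName", "Example Plant"),),
        (("commonName", "edge-gateway-1"),),
    ),
    "notAfter": "Jan  1 00:00:00 2031 GMT",
}


def peer_identity(peercert):
    """Return the commonName from a getpeercert()-style dict, or None.

    getpeercert() returns an empty dict when the peer presented no
    certificate, which must map to 'no identity', not to a default.
    """
    if not peercert:
        return None
    for rdn in peercert.get("subject", ()):
        for attribute, value in rdn:
            if attribute == "commonName":
                return value
    return None


def is_allowed(identity, op, topic, rules=RULES):
    """Default-deny check: first rule matching identity and topic decides."""
    if identity is None or op not in ("read", "write"):
        return False
    for rule in rules:
        if rule.identity == identity and fnmatchcase(topic, rule.topic):
            return rule.read if op == "read" else rule.write
    return False


def decide(peercert, op, topic, rules=RULES):
    """Full boundary decision from the authenticated peer certificate."""
    return is_allowed(peer_identity(peercert), op, topic, rules)


if __name__ == "__main__":
    for op, topic in [("read", "plant/1/telemetry"),
                      ("write", "plant/1/setpoints"),
                      ("write", "plant/2/setpoints")]:
        verdict = "allow" if decide(CONSTRUCTED_PEERCERT, op, topic) else "deny"
        print(f"{peer_identity(CONSTRUCTED_PEERCERT)} {op} {topic}: {verdict}")
```

Two design points carry over to any boundary gateway regardless of product: an absent or unparseable certificate yields no identity and therefore no access, rather than falling through to an anonymous default, and the rule evaluation is deny-by-default so that a device whose identity is not in the rule set cannot read or write anything even though it completed the TLS handshake.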